Out-of-band tokens for rights access

ABSTRACT

Access to content may be administered by storing content, the content comprising one or more selections, accessing a passive optical out-of-band token associated with the content, determining an access right for the content based on the passive optical out-of-band token, and enabling access to the content in accordance with the access right.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/220,418, filed Aug. 29, 2011, titled “Out-of Band Tokens for RightsAccess,” now allowed, which is a continuation of U.S. patent applicationSer. No. 11/966,428, filed Dec. 28, 2007, titled “Out-of Band Tokens forRights Access,” now U.S. Pat. No. 8,011,007, which is a continuation ofU.S. patent application Ser. No. 10/412,682, filed Apr. 14, 2003, titled“Out-of Band Tokens for Rights Access,” now U.S. Pat. No. 7,315,946,which is a continuation-in-part of U.S. patent application Ser. No.10/334,144, filed Dec. 31, 2002, titled “Out-of-Band Tokens for RightsAccess,” now abandoned, which claims priority from U.S. ProvisionalApplication No. 60/421,051, filed Oct. 25, 2002, titled “Out-of BandTokens for Rights Access.” Each of these applications is incorporated byreference in its entirety.

TECHNICAL FIELD

This document relates to rights access using out-of-band tokens.

BACKGROUND

The emergence of new technologies has created more channels fordissemination of content, whether access to the content beingdisseminated is authorized or not. Moreover, with digital copying toolsand Internet-based distribution programs, a pirated copy selection maybe digitally copied many times without distortion.

SUMMARY

In one general aspect, a content access system includes a storage mediumthat stores one or more selections of content, an out-of-band tokensensor that accesses a passive optical out-of-band token associated withthe content, an access controller that determines an access right forthe content based on the passive optical out-of-band token, and anauthenticating controller to enable access to the content in accordancewith the determined access right.

Implementations may include one or more of the following features. Forexample, the media storage may be an optical disk, a network accessiblehost, or a jukebox. The jukebox may store multiple selections fromdifferent authors. The passive optical out-of-band token may reside onthe storage medium. The passive optical out-of-band token may be printedor may include a hologram. A consumer appliance used to access thecontent may be unable to create the passive optical out-of-band token.The passive optical out-of-band token may be included in the packagingused to distribute the content, and may include a case cover, apackaging insert, or a card.

The out-of-band token sensor may include an image detector configured toread an image placed before the image detector. The image detector maydetermine optical values at selected locations in the passive opticalout-of-band token. The selected locations may be randomly selectedlocations from within the passive optical out-of-band token, and may beidentified by a master location in the passive optical out-of-bandtoken. The passive optical out-of-band token may spin to permit theout-of-band token sensor to read a pattern that results from spinningthe passive optical out-of-band token. The passive optical out-of-bandtoken may reside on more than one surface. The authenticating controllermay supply a default rule as to when the out-of-band token may beaccessed. The default rule may include a read-only permission.

The out-of-band token sensor may poll an access right data store withmore than one access right. The out-of-band token sensor may access theaccess right data store through a communications network. A firstregistering processor may register the out-of-band token. A secondregistering processor may modify the access right upon registering theout-of-band token. The authenticating controller may specify a number oftimes that the content may be accessed, specify a number of times thatthe content may be copied, and/or specify the devices on which thecontent may be accessed.

Implementations also may include a sequence of steps performed on thecontent access system to achieve these features. Other features will beapparent from the following description, including the drawings, and theclaims.

DESCRIPTION OF DRAWINGS

FIG. 1 illustrates an exemplary content access system.

FIG. 2A illustrates examples of devices that may be included in adistribution of a medium and that may be used as an out-of-band token.

FIG. 2B illustrates an exemplary card that may be used to signal accessrights.

FIGS. 2C and 2D together illustrate an exemplary medium showing howinformation appearing on the surface of a medium may generate anout-of-band token when the medium shown in FIG. 2C is spun.

FIG. 2E illustrates yet another exemplary out-of-band token.

FIG. 2F is an exemplary image that illustrates how the master locationmay dynamically generate an out-of-band token.

FIG. 3 illustrates an exemplary flow chart of a process for accessingcontent leveraging an out-of-band token.

FIG. 4 illustrates an exemplary communications system that includes amedia player configured to access a host.

FIG. 5 illustrates an exemplary flow chart of a process performed by amedia player configured to access a host.

FIG. 6 illustrates an exemplary jukebox configured to act as a contentaccess system.

Like reference symbols in the various drawings indicate like elements.For brevity, several elements in the figures described below arerepresented as monolithic entities. However, as would be understood byone skilled in the art, these elements each may include numerousinterconnected computers and components designed to perform a set ofspecified operations and/or dedicated to a particular geographic region.Similarly, illustrated processes may each include numerous subprocesses.

DETAILED DESCRIPTION

For illustrative purposes, FIGS. 1-6 describe a content access systemfor administering access to content. Generally, a consumer appliance inthe content access system generates or receives requests for access tocontent that may include one or more selections. Before satisfying sucha request, the consumer appliance may access an out-of-band tokenassociated with the content, may determine an access right for thecontent based on such an out-of-band token, and may enable access to thecontent in accordance with the determined access rights.

Generally, the token describes rights access information that is used toidentify access rights appropriate for the content, which rights mayvary based on the user, individually or categorically. An out-of-bandtoken resides in a different channel than the content, where the channelfor the content and the token may be of consistent type (e.g., bothoptical) or different type (e.g., magnetic and optical). Thus, theelectronic medium and out-of-band token generally are detected usingdifferent sensors. For example, an out-of-band token for contentrecorded on a compact disk may include a holographic image displayed onthe compact disk surface or cover.

The following simplified example is provided to illustrate use of anoptical token on the case of an optical disk. In this example, aconsumer inserts the optical disk into a disk player and swipes theoptical disk case underneath an optical sensor that is configured todiscern access rights from context indicia embedded in or otherwiseattainable from the optical disk case. Using the discerned accessrights, the disk player determines whether the requested access isavailable and acts appropriately to enable or deny access (e.g., play asong from the optical disk if it is determined that the access rightsallow such access).

FIG. 1 illustrates one implementation of a content access system 100configured to administer access to content. The content access system100 includes a medium 110 and a consumer appliance 120. The medium 110includes content 112 (e.g., electronic or optical) and an out-of-bandtoken 114 associated with the content 112. The consumer appliance 120includes a media container 122, a content sensor 124, and an out-of-bandtoken sensor 126. The consumer appliance 120 may use the out-of-bandtoken sensor 126 to read the out-of-band token 114, and may use theresults of the reading to determine access rights to the content 112.

Generally, the medium 110 includes one or more devices configured tostore content. Formats of the medium 110 have been generally describedpreviously. The medium 110 may be embodied or included in a portablededicated storage device, such as a memory/storage key or a floppy,compact, optical (e.g., CD (“compact disc”), DVD (“digital video disk”),HD-DVD (“high definition digital video disk”)), digital, versatile, orMP3 disk. Alternatively, the medium 110 may be included or integrated inanother system, which may or may not be portable or remote. For example,the medium 110 may include a hard drive of a consumer appliance 120,which may be used as an access-regulated jukebox to enable multipleselections of content depending on the configuration of the consumerappliance 120 and the access rights for a user accessing the jukebox.Alternatively, the medium 110 may reside on a remote system that isaccessible to a consumer appliance 120 and that is operated by a thirdparty, such as a record label.

Generally, the content resides in the channel for which the medium wasdesigned. For example, in an optical disk medium, the content (e.g., asong) is stored as optical binary bits. These optical bits may be readby targeting a location in the optical disk with an optical transceiverand determining whether each of a series of optical bits is logicallyset to a ‘1’ or ‘0’. Alternatively, if the medium 110 includes a compactflash card or a hard disk drive, the content 112 may reside in thememory in the compact flash card or on the magnetic platters of the harddisk drive.

The out-of-band token 114 is an authentication system configured toestablish access controls or permissions for the content. Theout-of-band token 114 and content 112 reside in different frequencies,channels, mediums or physical structures, or formats so that theout-of-band token 114 is not read by the sensor used to read the content112. For example, when using different frequencies to achieveindependence among content 112 and token 114, the content 112 may beread at a first wavelength and the out-of-band token 114 may be read ata second wavelength.

The out-of-band token 114 may be configured so that a consumer may beunable to create the out-of-band token 114. For example, a consumer maybe able to distribute the content, for example, using file sharingprotocols and optical disk writing technologies. However, a mint withequipment that is not accessible to consumers may write the out-of-bandtoken 114. The mint may include an industrial printer or a hologramwriter. The mint also may be configured to associate a particularinstance of the medium 110 or the content 112 with the out-of-band token114 being fabricated. For example, the mint may associate a serialnumber for the medium 110 or the content 112 with the out-of-band token114. Thus, an out-of-band token 114 associated with a first medium110/piece of content 112 may not used with a second medium 110/piece ofcontent 112.

The out-of-band token 114 need not be distributed with the medium 110.For example, a content provider may electronically distribute selectionsof content to one or more storage locations. At a later time, a consumermay use the out-of-band token 114 to unlock the content, which has beenelectronically distributed and is already residing in, for example, anelectronic jukebox.

The out-of-band token 114 may describe the instances of content 112 thatmay be accessed. For example, the out-of-band token may include a serialnumber printed on the surface of a disk. This serial number also may bestored in the content on the optical disk.

The out-of-band token 114 may be a passive device that is not requiredto be electronically interrogated. In contrast, an active out-of-bandtoken 114 may include an electronic or magnetic interface that isinterrogated electronically. For example, the out-of-band token 114 mayinclude a disk cover that is read by an optical “eye” configured to readdisk covers. One example of an active out-of-band token 114 is anelectronic key that is inserted into a key reader. The key reader mayelectronically probe key logic and/or memory to make an access controldetermination.

The consumer appliance 120 includes a medium container 122, a contentsensor 124, and an out-of-band token sensor 126. Generally, as describedin greater detail with respect to FIG. 3, the consumer appliance 120 isconfigured to (1) receive and secure medium 110 using medium container122, (2) read the out-of-band token 114 using the out-of-band tokensensor 126, (3) determine access rights based on the token 114, and (4)read the desired content from the medium 110 using the content sensor124 (e.g., an optical or magnetic head) if sufficient rights exist.

The consumer appliance 120 also may include and run one or more softwareapplications. For example, the consumer appliance 120 may run a softwareapplication configured to administer a rights access program. The rightsaccess program may be used to determine an access right for the content.Other software applications on the consumer appliance 120 may include asoftware application configured to display content information (e.g., acover, lyrics, artist information, and/or purchasing information for thecontent). Although the consumer appliance 120 in one sense, may relateto other consumer appliances, such as a CD player and/or a DVD player,the consumer appliance 120 also may relate to more flexible electronicequipment such as a personal computer. For example, a computer may beconfigured as a stereo system that runs a general-purpose operatingsystem with one or more media applications performed by a generaloperating system and a general-purpose processor. Additionally, thecomputer may be configured to respond to controls such as thosetypically found on a stereo system (e.g., a volume control dial).

The media container 122 is a device configured to receive and support amedium 110. For example, the media container 122 may include a trayconfigured to hold an optical disk and retrieve the optical disk intothe consumer appliance 120 to play the content on the optical disk.Alternatively, the medium container 122 may include a slot, a pressed-onlid used to insert an optical disk, a container configured to playvarious forms of electronic storage (e.g., compact flash, non-volatilememory), or some other mechanism capable of receiving and supporting amedium 110.

The content sensor 124 includes a detector configured to read content112 residing in a medium 110 that has been placed in or that issupported by the media container 122. The content sensor 122 may includean optical transceiver configured to read content written to orotherwise stored by an optical medium 110, such as an optical disk.Another example of the content sensor 124 may include a compact flashreader configured to read electronic and/or magnetic mediums.

The content sensor 124 may be integrated with the media container 122.For example, the content sensor 124 may be configured to read an opticaldisk that has been placed in a tray configured to secure the opticaldisk. The tray may retrieve the optical disk, rotate the optical disk,and control the location of the content sensor to read an appropriateportion of the content, such as, for example, a particular track.

The out-of-band token sensor 126 includes a device configured to read anout-of-band token 114 associated with content 112. The token 114 thenmay be used to determine an access right for the content 112. Using anout-of-band token sensor 126, it is possible to detect or otherwiseidentify, infer or resolve access rights based on information that doesnot actually reside within the content 112 in the medium 110 itself.That is, to determine the access rights appropriate for the content 112or the medium 110 itself, out-of-band sensor 126 may be used to accessanother source of information that resides in the medium 110 or achannel that is distinct from the medium 110 or the channel ofinformation used to store the content 112. Furthermore, the out-of-bandtoken sensor 126 may be configured to read a token 114 that isphysically located proximate to or even sharing the same physicalstructure as the content 112. For example, the out-of-band token sensor126 may read an out-of-band token 114 residing as an image printed thesurface of an optical disk. Thus, to access the content 112, a firstoptical detection device may be used to play a CD (e.g., content sensor124), while a different sensor (e.g., out-of-band token sensor 126) isused to access the out-of-band information residing on the label of theCD itself.

The out-of-band token sensor 126 may include a device distinct from thecontent sensor 124, or the out-of-band token sensor 126 may beco-located with the content sensor 124. For example, the out-of-bandtoken sensor 126 may be configured to read the label affixed to thesurface of a medium 110 that is inserted in the media container 122. Byway of contrast, the out-of-band token sensor 126 in another example maynot be co-located with the content sensor 124. For instance, theout-of-band token sensor 126 may read a label on the optical disk thatis swiped under an external out-of-band token sensor 126 before theoptical disk is placed in a tray acting as the media container 122. Inanother configuration, the out-of-band token sensor 126 may beconfigured to read out-of-band tokens 114 that are not co-located withthe medium 110. For example, the medium 110 may be inserted in the mediacontainer 122, and the cover of a case for the medium 110 may be swipedor placed before an out-of-band token sensor 126 that is configured toread one or more portions of the case cover to determine the accessrights for the content.

The out-of-band token 114 may be stored on the medium 110 (e.g., thelabel on the surface of the optical disk) as a hologram that is writtenonto the optical disk but that resides in a different band than thecontent itself. Furthermore, the hologram itself need not be stored asdigital information. For example, the hologram may comprise an analogimage that may be scanned by the out-of-band token sensor 126.

Generally, FIGS. 2A-2F illustrate exemplary out-of-band tokens.

Referring to FIG. 2A, one or more items may be distributed as packaging200A for medium 110 and used as an out-of-band token 114. Whenconfigured to act as an out-of-band token 114, these items may be readby the out-of-band token sensor 126 described in FIG. 1. Generally, thesystems in the packaging 200A may be distributed with the medium 110.

Specifically, the medium 110 described by FIG. 1 may be distributed withpackaging 210A, an insert 220A, and/or a card 230A. For example, DVDdisk packaging 200A may include a paper insert 220A that is descriptiveof the DVD tracks, the credits and the lyrics. The insert 220A mayinclude a guide to lyrics that is being distributed with a CD.Additionally, a card 230A with a high quality image may be distributed.The card 230A may be used to describe the content on the medium itself(e.g., track descriptions). For example, the card may be inserted in ajacket and collected by an owner.

Typically, in addition to the items shown by FIG. 2A, the packaging 210Aincludes one or more devices or components configured to protect themedium from being damaged. The packaging also may include one or moretheft deterrent devices and/or logistics management componentsconfigured to manage the medium itself. For example, the packaging mayinclude a bar code and/or an RF (“Radio Frequency”) identificationsensor that may be used in support of inventory and security functions.These items also may be used as out-of-band tokens.

The medium may include an optical disk with one or more pieces ofcontent available for use. This content may be digitally secured (e.g.,encrypted). Alternatively, the medium may include content that is notsecure and instead relies on a consumer appliance 120 to administer arights access scheme.

Referring to FIG. 2B, an exemplary card 230B may be configured to act asan out-of-band token. Generally, the card 230B relates to the card 230Adescribed previously in the context of packaging 200A in FIG. 2A.However, card 230B may include a cover image 232B and a description 234Band may have an image used to determine access rights. Althoughinformation in the image may not be discernable to the naked eye of anobserver, the out-of-band token sensor 126 may detect informationresiding in the image and use that information to determine the useraccess rights. For example, user access rights may be specified by acertain color or pattern appearing in a portion of the image used on thealbum cover 232B. Card 230B also illustrates how the access rights maybe incorporated into a card 230B that may be useful to the user as amedium identifier.

Referring to FIGS. 2C and 2D, an exemplary medium 200C illustrates howan out-of-band token may be generated from information appearing on thesurface of a medium 110. The out-of-band token sensor 126 may beconfigured to read token information that is not generated until themedium 110 itself is processed. For example, a pattern of informationmay be written to the label on an optical disk. As the label is spun, apattern may be generated on the surface of the optical disk, which maybe read to determine the access rights for the content. For example, theinformation may be encoded in areas 210C, 220C, and 230C of the medium200C. As medium 200C is spun, an out-of-band token 200D may be generatedand read from the surface of the medium 200C, as shown by the exemplarypattern of rings illustrated by FIG. 2D. When spun, the images 210C,220C, and 230C generate rings 210D, 220D, and 230D, which may be used todetermine the access rights.

Referring to FIG. 2E, an image 200E may be used as an out-of-band token114 with encoded access rights. Image 200E includes a first portionconfigured to encode an identifier (e.g., a serial number 210E), asecond different portion configured to describe a second identifier(e.g., medium information 220E), and a third portion configured todefine the access rights 230E. As such, the serial number, mediuminformation and access rights may be co-located or they may be locatedin different portions of the image.

Similarly, not all portions of the image must be used. In fact, only aportion of the image may be used to determine the access rights.Similarly, different portions of the image may be used for differentinstances of the medium 110. For example, for a first user the accessrights may be found in the upper left-hand corner, whereas, for the samecontent on a second medium, the access rights may reside in the lowerright-hand corner.

The location of the access rights in the out-of-band token may or maynot be specified in the same portion in advance. For example, in FIG.2F, image 200F illustrates how a master location may be located on animage that indicates where the user access rights are located in thatimage. For example, in image 200F, master location 210F indicates thatregions 220F, 230F, and 240F should be used to determine the accessrights. The master location may be located in a different portion of theimage. For example, in one image, the master location may be located inthe lower left-hand corner whereas, for the same content, the masterlocation may be located in the upper right-hand corner. The accessrights may be located in randomly-selected locations from within theimage.

Although several out-of-band tokens are shown, the out-of-band tokensare not limited to the out-of-band tokens shown in FIGS. 2A-2F. Forexample, other out-of-band tokens may include, but are not limited to, apromotional item also configured to act as an out-of-band token.

Referring to FIG. 3, a flow chart 300 illustrates an exemplary processfor administering access to content. Generally, flow chart 300 may beperformed on systems that have been described previously (e.g., consumerappliance 120 using medium 110).

As shown, the medium is received and the content is accessed (step 310).Receiving the medium and accessing the content may include inserting amedium 110 into a consumer appliance 120. Accessing content also mayinclude downloading content from a remote system. For example, a songmay be downloaded from the Internet.

The out-of-band token may be accessed (step 320). Generally, accessingthe out-of-band token involves enabling the out-of-band token sensor 126to read one or more out-of-band tokens 114. For example, after anoptical disk has been inserted into a consumer appliance 120, theconsumer appliance 120 may check the optical disk for an out-of-bandtoken 114 residing on the surface of the optical disk and also mayprompt the consumer to swipe an album cover underneath an additionalout-of-band token sensor 126. Accessing an out-of-band token may involvemore than one operation. For example, a consumer may be initiallyprompted for a first portion of the out-of-band token 114 and thensubsequently prompted for another portion of the out-of-band token 114.More specifically, a first portion of the out-of-band token 114 mayprovide one indicia of access (e.g., the content serial number) and thesecond portion may be used to provide another indicia of access (e.g.,the access rights).

With the content and the out-of-band token accessed, the access rightsare determined (step 330). Generally, determining the access right forthe content includes determining how a user may access the content. Forexample, permission to read, copy, and distribute the content may beindicated. Additionally, the access right may be set based on the deviceupon which the content is being accessed. For example, access rights maybe limited to a particular consumer appliance, or a particular class ofconsumer appliances (e.g., a portable device).

Determining an access right for the content may include determining thatno access rights have been identified. This may, in turn, trigger theapplication of one or more default rules based on user, device, and/orthe content criteria. For example, a default set of rules may beestablished and referenced for a particular user or class of users, aparticular type of electronic content, or a particular class of consumerappliance. One such default rule may determine that the access rightincludes read-only or some other predetermined permission level.

Determining the access right also may include retrieving an access rightdata store of more than one access right. This access right data storemay be accessed through a communications network, such as theconfiguration where the access right data store resides on a remote host150. Determining the access right also may include determining preciselyhow the content may be accessed. For example, determining the accessright may include specifying a number of times the content may beaccessed.

With the access right determined, access to the content is enabled inaccordance with the access right (step 340). For example, a controlleron a consumer appliance 120 may be directed to enable only read rightsto content and preclude the user from copying the content.

As an optional step (not shown), the out-of-band token may beregistered. Registering the out-of-band token may enable the accessrights to be modified. For example, until the out of the band token isregistered, the access rights may be set to read-only permissions.However, upon determining that the user has registered the out-of-bandtoken, the user may be given permission to make a predetermined numberof copies of the electronic content. Although the steps described inflow chart 300 appear in a serial order, they may be performed inparallel and/or in a different order. For example, although accessingcontent 112 is shown as being performed after accessing the out-of-bandtoken 114, those access operations may be performed in reverse order orin parallel. Thus, a user may read an image with the out-of-band tokenon an optical disk after the optical disk is inserted. Similarly, theoptical disk may be inserted and then a cover image may be read toaccess the out-of-band token, or the cover image may be readconcurrently with insertion of the optical disk in the consumerappliance 120.

Referring to FIG. 4, an exemplary communications system includes a mediaplayer 120 configured to access a remote data store 140 using acommunications line 130. Generally, the consumer appliance 120 relatesto the consumer appliance 120 described previously with respect to FIGS.1-3. However, the consumer appliance 120 of FIG. 4 includes a networkdevice configured to use a communications link 130 to determine accessrights and/or retrieve content from remote data store 140.

The communications link 130 typically includes a delivery network makinga direct or indirect communication between the consumer appliance 120and the host 140, irrespective of physical separation. Examples of acommunications link 130 include the Internet, the World Wide Web, WANs(“Wide Area Networks”), LANs (“Local Area Networks), analog or digitalwired and wireless telephone networks (e.g., PSTN (“Public SwitchedTelephone Network”), ISDN (“Integrated Services Digital Network”), andxDSL (“any type of Digital Subscriber Loop”), radio, television, cable,satellite, and/or any other delivery mechanism for carrying data. Thecommunications link 130 may include communication pathways that enablecommunications through the two or more delivery networks. Each of thecommunication pathways may include, for example, a wired, wireless,cable or satellite communication pathway.

The host 140 is generally capable of executing instructions under thecommand of a host controller (not shown). The host 140 may include oneor more hardware components and/or software components. An example of ahost 140 is a general-purpose computer (e.g., a personal computer)capable of responding to and executing instructions in a defined manner.Other examples include a special-purpose computer, a workstation, aserver, a device, a component, other physical or virtual equipment orsome combination thereof capable of responding to and executinginstructions.

The controller is a software application loaded on the host 140 forcommanding and directing communications with the consumer appliance 120.Other examples include a program, a piece of code, an instruction, adevice, a computer, a computer system, or a combination thereof, forindependently or collectively instructing the consumer appliance 120 orthe host 140 to interact and operate as described. The consumerappliance 120 and the host 140 may be embodied permanently ortemporarily in any type of machine, component, physical or virtualequipment, storage medium, or propagated signal capable of providinginstructions to the consumer appliance 120 or the host 140.

The host may include a permissions data store 142 and/or a content store144. The permissions data store 142 includes a program, an applicationor a device configured to provide security, rights access, and/orauthentication services for the host 140. For example, the permissionsdata store 142 may include a listing of serial numbers and associatedout-of-band tokens. Alternatively, the permissions data store 142 mayinclude listings of user identification information and content that theuser is allowed to access.

Typically, the content store 144 enables the consumer appliance 120 toaccess online content. Other services provided as part of the contentstore may include programs that aid in content selections, ande-commerce programs that enable access rights to be purchased oracquired. In one example, the content store 144 may enable a consumer tofind electronic content produced by the same artist. In another example,the content store may enable the consumer to purchase the access rights.

FIG. 5 illustrates an exemplary flow chart 500 of a consumer applianceconfigured to access a host. Generally, the consumer appliance 120 andthe host 140 relate to the consumer appliance 120 described previouslywith respect to FIGS. 1-4 and the host 140 described with respect toFIG. 4.

Initially, the consumer appliance 120 requests content (step 505). Therequested content may reside locally on the consumer appliance 120(e.g., on an optical disk in an optical disk player), or the requestedcontent may reside on a host. The host 140 receives the request (step510). The consumer appliance 120 then reads the out-of-band token (step515). Reading the out-of-band token may include using a card reader toread a card that has been purchased with access rights. The consumerappliance 120 transmits information related to the out-of-band token(step 520). Transmitting information related to the out-of-band tokenmay include transmitting information that enables an access right to bedetermined. For example, the out-of-band token may include an imagewritten to a card. The image may be read to determine a serial number.This serial number may be used as a reference to determine the accessrights.

The host 140 receives the information related to the out-of-band token(step 530) and uses that information to determine the access right (step535). Determining the access right may include referencing a user'spermissions residing on a permissions store 142. For example, aregistered user may be given a set of permissions for a set of content.For example, the user may be allowed to copy a first piece of content.Alternatively, the access rights may be associated with a particularconsumer appliance. For example, access to some content may bedetermined based on the identity of the consumer appliance being used toaccess the content.

The host 140 determines whether the access rights support the requestfor content (step 540). Determining whether the access rights supportthe request for content includes determining whether the permissionsrelated to the out-of-band token allow for the content to be accessed inthe requested manner. If the access right does support the requestedcontent (step 545), the consumer appliance 120 may receive the content(step 550) and play the content (step 555).

When the access rights do not support the request, the host 140 may beconfigured to enable the user to acquire the access rights. For example,the user may be prompted to purchase access rights (step 560). The usermay receive the prompt (step 565). Receiving the prompt may includegenerating a display on the consumer appliance 120 enabling the user toacquire the content. For example, the user may have a payment linkestablished so that the user may conveniently purchase access rights byreading an out-of-band token that identifies the user. In anotherexample, the consumer appliance may prompt the user for paymentinformation.

If the user elects to purchase access rights for the requested content,the consumer appliance 120 transmits the request to purchase accessrights (step 570). The host 150 receives the request to purchase accessrights (step 575). The host 150 then executes a transaction so that theaccess rights may be purchased (e.g., a credit card is charged) (notshown). With the access rights purchased, the host 140 modifies theaccess right to reflect the purchase (step 580). Modifying the accessright to reflect the purchase may include adjusting a user record in apermissions data store 142 so that the user may access the requestedcontent. Modifying the access right also may adjust an access right thatis locally maintained on the consumer appliance. For example, an opticaldisk player may have local permissions. Modifying the access right mayadjust the local permissions to enable access to the content withoutrequiring the consumer appliance to subsequently access the host 140.

Where the content does not reside on the consumer appliance 120, thehost 140 may transmit the content to the consumer appliance 120 (step585). Transmitting the content to the consumer appliance 120 may includeenabling the consumer appliance to download a particular file with therequested content. The consumer appliance receives the content (step 590and plays the content (step 595).

FIG. 6 shows an exemplary list of access rights for an exemplary jukeboxsystem 600. In jukebox 600, a content piece is selected along withaccess rights for the content. Generally, the jukebox 600 relates to thecontent access system 100 described in FIG. 1. However, FIG. 6illustrates how the consumer appliance 120 may function as a jukebox.Typically, a jukebox 600 includes more than one content piece that maybe selected, with multiple content pieces residing in a common locationor consumer appliance.

In the example shown in FIG. 6, the jukebox 600 includes content thatmay be selectively accessible. Jukebox 600 includes records 610-640,with each record describing a piece of content and the related accessright. In jukebox 600, record 610 describes a stored CD Y, for which theillustrated user has no access privileges, but for which the user maygain access privileges by purchasing use rights that are made availablethrough use of an out-of-band token that enables access to the content.For example, a user may purchase a card 230A that unlocks CD Y for theholder of the card 230A. The jukebox 600 may include an out-of-bandtoken sensor 126 configured to read the card 230A.

In jukebox 600, record 620 indicates that the user is given unlimitedread access to CD Z. For example, the illustrated user may havepurchased the CD and, by virtue of the purchase, may have unlimitedlistening rights to the CD. The access rights regulating unlimitedaccess to the CD may have been established by the user using out-of-bandtoken 114 to unlock the unlimited access rights to CD Z.

In contrast to the unlimited access rights to CD Z, for Movie A, record630 indicates that the user has read access rights and may make alimited number of copies of Movie A. Also, record 640 indicates that theuser has read-once access rights for Movie B. This may be because, forexample, Movie B is being distributed in a promotion and the user hasreceived read once access rights in the course of participating in thepromotion. For example, a marketing company may distribute promotionalitems in a magazine. The magazine promotion may include the card 230A,which may be read by the out-of-band token sensor 126 residing injukebox 300. Upon accessing Movie B once, the user's access rights toMovie B may be terminated.

The jukebox 600 may use a host-based system to track the number ofcopies or viewings. For example, a user may register their instance ofthe content on a host-based registry. Upon copying the content, acounter may be decremented to reflect that the user has consumed one ofhis rights. When the counter indicates that no more access rights exist,permission to perform the copying may be denied.

Other implementations are within the scope of the following claims. Forexample, the consumer appliance may distribute the operations across oneor more systems and/or proxies. In another example, the content may beaccessed on a first device, while the out-of-band token is accessed onanother device. For example, a consumer appliance that reads the opticaldisk may be used to read the content while an optical sensor attached toa personal computer may access the out-of-band token. The content thenmay interface with the out-of-band token sensor to determine the accessrights for the content.

A number of aspects of the consumer appliance have been described. Anout-of-band token that is not illustrated but may be used includes aserial number that is printed on the medium 110. Nevertheless, it willbe understood that various modifications may be made without departingfrom the spirit and scope of what is claimed. Accordingly, otherimplementations are within the scope of the following claims.

What is claimed is:
 1. A method for enabling access to media content,the method comprising: receiving, by a media content player, a requestto access particular media content; receiving, by the media contentplayer, a visual representation of an out-of-band token that bothspecifies (i) the particular media content and (ii) media content accessrights to the particular media content and resides in a different formatthan a medium used to store the particular media content, wherereceiving the visual representation of the out-of-band token includesreceiving the visual representation of the out-of-band token from animage detector, where receiving the visual representation of theout-of-band token from the image detector includes determining opticalvalues at selected locations in the out-of-band token; determining, bythe media content player, media content access rights to the particularmedia content from the visual representation of the out-of-band tokenthat specifies (i) the particular media content and (ii) media contentaccess rights to the particular media content; determining, by the mediacontent player, whether the media content access rights to theparticular media content determined from the visual representation ofthe out-of-band token specify that access to the particular mediacontent is permitted; and in response to determining that the mediacontent access rights to the particular media content determined fromthe visual representation of the out-of-band token specify that accessto the particular media content is permitted, enabling, by the mediacontent player, access to the particular media content through the mediaplayer.
 2. The method of claim 1, wherein the out-of-band token is apassive out-of-band token that is not required to be electronicallyinterrogated.
 3. The method of claim 1, wherein the out-of-bank token isreceived from a content media provider as part of a promotionaldocument.
 4. The method of claim 1, wherein the out-of-band token isprinted.
 5. The method of claim 1, wherein the out-of-band tokenincludes a hologram.
 6. The method of claim 1 comprising: detecting theout-of-band token is placed before an image detector, wherein receivingthe visual representation of the out-of-band token from an imagedetector is in response to detecting the out-of-band token is placedbefore the image detector.
 7. The method of claim 1, wherein theselected locations are randomly selected locations from within theout-of-band token.
 8. The method of claim 1, wherein the selectedlocations are identified by a master location in the out-of-band token.9. The method of claim 1, wherein enabling access to the particularmedia content includes specifying a number of times the media contentmay be accessed.
 10. The method of claim 1, wherein the out-of-bandtoken resides on more than one surface.
 11. The method of claim 1,further comprising registering the out-of-band token with a host. 12.The method of claim 11, further comprising modifying the determinedmedia content access right to provide additional access to theparticular media content upon registering the out-of-band token with thehost.
 13. The method of claim 1, wherein receiving, by a media contentplayer, a request to access particular media content, comprises:receiving a request to access media content from a remote media contentprovider.
 14. The method of claim 1, wherein receiving, by a mediacontent player, a request to access particular media content, comprises:receiving a request to access media content stored on the media player.15. The method of claim 1, wherein the visual representation of theout-of-band token comprises an image of the out-of-band token.
 16. Asystem comprising: one or more computers and one or more storage devicesstoring instructions that are operable, when executed by the one or morecomputers, to cause the one or more computers to perform operationscomprising: receiving, by a media content player, a request to accessparticular media content; receiving, by the media content player, avisual representation of an out-of-band token that both specifies (i)the particular media content and (ii) media content access rights to theparticular media content and resides in a different format than a mediumused to store the particular media content, where receiving the visualrepresentation of the out-of-band token includes receiving the visualrepresentation of the out-of-band token from an image detector, wherereceiving the visual representation of the out-of-band token from theimage detector includes determining optical values at selected locationsin the out-of-band token; determining, by the media content player,media content access rights to the particular media content from thevisual representation of the out-of-band token that specifies (i) theparticular media content and (ii) media content access rights to theparticular media content; determining, by the media content player,whether the media content access rights to the particular media contentdetermined from the visual representation of the out-of-band tokenspecify that access to the particular media content is permitted; and inresponse to determining that the media content access rights to theparticular media content determined from the visual representation ofthe out-of-band token specify that access to the particular mediacontent is permitted, enabling, by the media content player, access tothe particular media content through the media player.
 17. The system ofclaim 16, wherein the out-of-band token is a passive out-of-band tokenthat is not required to be electronically interrogated.
 18. Anon-transitory computer-readable medium storing software comprisinginstructions executable by one or more computers which, upon suchexecution, cause the one or more computers to perform operationscomprising: receiving, by a media content player, a request to accessparticular media content; receiving, by the media content player, avisual representation of an out-of-band token that both specifies (i)the particular media content and (ii) media content access rights to theparticular media content and resides in a different format than a mediumused to store the particular media content, where receiving the visualrepresentation of the out-of-band token includes receiving the visualrepresentation of the out-of-band token from an image detector, wherereceiving the visual representation of the out-of-band token from theimage detector includes determining optical values at selected locationsin the out-of-band token; determining, by the media content player,media content access rights to the particular media content from thevisual representation of the out-of-band token that specifies (i) theparticular media content and (ii) media content access rights to theparticular media content; determining, by the media content player,whether the media content access rights to the particular media contentdetermined from the visual representation of the out-of-band tokenspecify that access to the particular media content is permitted; and inresponse to determining that the media content access rights to theparticular media content determined from the visual representation ofthe out-of-band token specify that access to the particular mediacontent is permitted, enabling, by the media content player, access tothe particular media content through the media player.